diff options
| author | Robin Gloster <mail@glob.in> | 2016-08-03 13:34:44 +0000 |
|---|---|---|
| committer | Robin Gloster <mail@glob.in> | 2016-08-03 13:34:44 +0000 |
| commit | 1b979d83845945dabffebff5033cf864b41d5c64 (patch) | |
| tree | 6e81ba4ab8cd28ad9fc8d9e2a3a298bc5a403042 /nixos/doc/manual/configuration/grsecurity.xml | |
| parent | 3f9e8601f2a8537de90f04375400538049bbdaf2 (diff) | |
| parent | d93f917182dc5da7aca53fb9a847374ec0c7429a (diff) | |
| download | nixpkgs-1b979d83845945dabffebff5033cf864b41d5c64.tar nixpkgs-1b979d83845945dabffebff5033cf864b41d5c64.tar.gz nixpkgs-1b979d83845945dabffebff5033cf864b41d5c64.tar.bz2 nixpkgs-1b979d83845945dabffebff5033cf864b41d5c64.tar.lz nixpkgs-1b979d83845945dabffebff5033cf864b41d5c64.tar.xz nixpkgs-1b979d83845945dabffebff5033cf864b41d5c64.tar.zst nixpkgs-1b979d83845945dabffebff5033cf864b41d5c64.zip | |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'nixos/doc/manual/configuration/grsecurity.xml')
| -rw-r--r-- | nixos/doc/manual/configuration/grsecurity.xml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nixos/doc/manual/configuration/grsecurity.xml b/nixos/doc/manual/configuration/grsecurity.xml index 06e7617d58e..3c17fc19397 100644 --- a/nixos/doc/manual/configuration/grsecurity.xml +++ b/nixos/doc/manual/configuration/grsecurity.xml @@ -265,6 +265,11 @@ <sect1 xml:id="sec-grsec-issues"><title>Issues and work-arounds</title> <itemizedlist> + <listitem><para>Access to EFI runtime services is disabled by default: + this plugs a potential code injection attack vector; use + <option>security.grsecurity.disableEfiRuntimeServices</option> to override + this behavior.</para></listitem> + <listitem><para>Virtualization: KVM is the preferred virtualization solution. Xen, Virtualbox, and VMWare are <emphasis>unsupported</emphasis> and most likely require a custom kernel. |